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DETAILED ACTION 

1 . This action is in response to the RCE filed 04/27/2005. Claims 1-27 have been 
amended. 

Response to Arguments 

2. Applicant's arguments filed 04/27/2005 have been fully considered but they are 
not persuasive. Applicant argues that Attwood does not disclose stopping packets from 
being transmitted before necessary security association for the packets is obtained. 
Attwood (6,347,376) discloses stopping packets from being transmitted before 
necessary security association for the packets is obtained (figure 8, steps 819, 821). 

Claim Rejections - 35 USC §112 

3. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

4. Claims 2, 18 and 21 are rejected under 35 U.S.C. 1 12, second paragraph, as 
being indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. 

Regarding claim 2, it is not clear how a security association comprises an IKE 
component. The claim is interpreted as "wherein negotiating for a security association is 
performed by an IKE component". 
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Claim 18 recites the limitation "the network flow information" in line 2. There is 
insufficient antecedent basis for this limitation in the claim. The limitation is interpreted 
as "network flow information". 

Claim 21 recites the limitation "the security association negotiation component" in 
line 2. There is insufficient antecedent basis for this limitation in the claim. The 
limitation is interpreted as "a security association negotiation component". 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 1-27 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Attwood et al (6,347,376) in view of Nikander et al (6,252,321 ). 

Regarding claims 1,17 and 20, Attwood discloses a method comprising 
intercepting a Transmission Control Protocol (TCP) connection request by an 
application (col. 3, lines 34-40; col. 8, lines 57-59), verifying if a security association to 
protect network flow associated with the connection has been established, allowing the 
TCP connection request to proceed if a security association for the connection has been 
established (fig. 11, step 1110; fig. 8, step 826) and stopping the TCP connection 
request to proceed if a security association for the connection has not been established 
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(fig. 11, steps 1108, 1112; fig. 8, steps 819, 821). Attwood does not disclose 
negotiating for a security association if one has not been established. Nikander 
discloses a l<ey manager using the ISAKIVIP/Oakley protocol for negotiating a security 
association for a connection based on a security policy (col. 4, lines 38-40; col. 5, lines 
33-40; col. 6, lines 33-37). It would have been obvious to one of ordinary skill in the art 
at the time the invention was made modify the method of Attwood such that a security 
association is negotiated if one is needed and has not been established, as suggested 
by Nikandar. The motivation for doing so would have been that security associations 
could be negotiated as needed for IPsec processing. 

Regarding claims 2 and 21 , Nikander key manager meets the limitation of an IKE 
component. 

Regarding claims 3 and 23, Attwood further discloses that the security 
association is based on at least one of a source IP address, a destination IP address, a 
protocol, a source port, and a destination port (col. 6, lines 13-18). 

Regarding claim 4, Attwood further discloses that the protocol comprises one of 
TCP, UDP, ICMP, and IGMP (col. 6, lines 22-23). 

Claims 5 and 22 are rejected on the same basis as claim 1 . 

Regarding claim 6, Attwood further discloses retrieving the security association 
from a database (col. 6, lines 40-42). 

Regarding claim 7, Attwood further discloses that the database contains mapping 
between network flow information and security associations (fig. 5). 
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Regarding claim 8, Attwood further discloses that the network flow information 
comprises at least one of a source IP address, a destination IP address, a protocol, a 
source port, and a destination port (col. 6, lines 13-18). 

Regarding claim 9, Attwood further discloses retrieving the security policy from a 
database (fig. 5). 

Regarding claims 10-12 and 24-26, Attwood disclose a method comprising: 

monitoring application socket requests (col. 12, lines 7-12); 

requesting transmission of UDP data on a socket by an application (col. 12, lines 

7-12); 

intercepting the transmission of UDP data on a socket by the application (fig. 13, 
steps 1308, 1312; fig. 8, steps 819, 821, 826); 

determining if the socket has been associated with a security rule information 
binding, which meets the limitation of an active security association (col. 4, lines 4-17 
and fig. 13, step 1302); 

determining if there is a defined security association that may be used to protect 
the network flow if the socket has not been associated with any active security 
association (fig. 13, steps 1308, 1312; fig. 8, steps 802-818); 

allowing the UDP data to be sent (fig. 13, step 1310; fig. 8, step 826). 

Attwood does not disclose the steps of: determining what security policy should 
be used when negotiating a security association for the network flow if there is no 
defined security association that may be used to protect the network flow; alerting a 
security association negotiation component to initiate negotiation for a security 
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association using security parameters specified by the security policy if the security 
policy exists for the network flow; and establishing the security association. Nikander 
discloses a policy manager, the policy manager determining what security policy should 
be used when negotiating a security association for the network flow if there is no 
defined security association that may be used to protect the network flow (col. 4, lines 
60-64; col. 6, lines 26-32); a key manager using the ISAKMP/Oakley protocol, which 
meets the limitation of the security association negotiation component; and the step of a 
policy manager alerting the key manager to negotiate a security association using 
security parameters specified by the security policy and establishing the security 
association (col. 4, lines 38-40; col. 5, lines 33-40; col. 6, lines 60-67). It would have 
been obvious to one of ordinary skill in the art at the time the invention was made 
modify the method of Attwood to use a policy manager and a key manager, and to 
include the steps of determining what security policy should be used when negotiating a 
security association for the network flow if there is no defined security association that 
may be used to protect the network flow; alerting a security association negotiation 
component to initiate negotiation for a security association using security parameters 
specified by the security policy if the security policy exists for the network flow; and 
establishing the security association, as suggested by Nikandar, The motivation for 
doing so would have been to negotiate and establish a security association as needed 
for IPsec processing. Accordingly, once the security association is established, the 
UDP data is processed according to the established security association and 
transmitted. 
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Regarding claim 13, Attwood further discloses that the second determining 
comprises comparing filters with at least one of a source IP address, a destination IP 
address, a source port, and a destination port related to the network flow (col. 6, lines 
13-18). 

Regarding claim 14, Attwood further discloses that each filter comprises at least 
one of a source IP address, a destination IP address, a protocol, a source port, and a 
destination port (col. 6, lines 13-18). 

Regarding claim 15, Attwood further discloses that the security policy comprises 
one filter (fig. 5). 

Regarding claim 16, it is interpreted as "determining if the packet can be allowed 
to be transferred in the clear without a security association" (see fig. 5, step S34; and 
page 12, lines 3-5). Attwood further discloses that a packet is allowed if IPSEC is not 
required (fig. 8, step 812). 

Regarding claim 18, Attwood further discloses that the network flow information 
comprises at least one of an IP addresses, protocol, ports (col. 6, lines 13-18). 

Regarding claim 19, Attwood further discloses a component being responsible for 
performing IPSec processing on incoming and outgoing packets (fig. 1, elements 101, 
103). 

Regarding claim 27, Attwood does not disclose that the active security 
association comprises a security parameter index (col. 6, lines 40-42), which comprises 
at least one of a source IP address, a destination IP address, a protocol, a source port, 
and a destination port. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Minh Dinh whose telephone number is 571-272-3802. 
The examiner can normally be reached on Mon-Fri: 10:00am-6 :30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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